On 28-Apr-2006, at 12:58, Nick Rothwell wrote:
> Is anyone using the collective as an obfuscation technology?

Not obfuscation but as a way of delivering functionality that
otherwise requires a license.

Think Jitter.

For that matter, think anything Standalone. A standalone is
essentially a Bundle (or whatever they’re called on Windows)
containing the runtime, a collective, and some auxiliary files. If
you can take apart the collective, you would have access to the
component externals and other shared libraries.

Changing this might not be the end of civilization as we know it, but
it would probably force those 3rd parties with commercial externals
to rethink their licensing policies.

—-

Returning to the original question: there was some discussion on the
list shortly after introduction of Max 4.3 (ie, the first Windows
version of Max) about what options there were for building cross-
platform Collectives. I seem to recall that it was possible, just
somewhat unwieldy.

I don’t recall all details and have, for my part, simply built Mac
collectives on Mac OS and Windows collectives on a PC. On the Litter
Examples page I simply offer both flavors and people choose what they
want to download. This may not work for everyone, but should cover
quite a lot of situations.

> Not obfuscation but as a way of delivering functionality that
> otherwise requires a license.
>
> Think Jitter.

I don’t follow. Does Jitter (or jitlib, or whatever) make use of
collectives?

> For that matter, think anything Standalone. A standalone is
> essentially a Bundle (or whatever they’re called on Windows)
> containing the runtime, a collective, and some auxiliary files. If
> you can take apart the collective, you would have access to the
> component externals and other shared libraries.

Sure – this is where the thread started. I was wondering whether,
given a standalone for one platform (say, Mac, since Windows doesn’t
support application bundles and resorts to leaving the innards in
plain view), is it possible to just punt the collective file to
another platform? I would guess only for collectives which only
contain patchers (and not externals), and these would be very boring
indeed.

There seems to be an assumption here that wrapping a pile of
commercial "stuff" into a collective somehow protects it from
examination. As far as I know, C’74 have not said (i) collectives are
good ways to protect your code, or (ii) collectives are false
security. (And as for (i), C’74 can of course unpack collective
files.) I treat them as weak security, up until the point that some
bored teenager figures out the format and tells everyone, in which
case they offer zero security.

(Maybe there’s an argument for an "encrypt collective so that only
Max can open it, and in read-only mode", but the cryptographic model
needed to support that is nontrivial.)

The collective file format is a crossplatform format. If you want to build for PC from the mac you may, just be careful not to include any platform specific binaries. Then you get all the externals you need for the other platform and a user may run the collective using the runtime or whatever.

The collective file format is in no way "secure", and was never intended to be. It is trivial to extract Max patches from a collective and at some point we may even make the details of the format public. Until then, you can just open them up in a text editor and have a look yourself.

There have been a number of requests for various C74 created ways to encrypt Max patches over the years and generally our feeling is that we will not do it. Writing CP code is a fairly boring and unrewarding way to spend your life. We use a third party for our CP needs, and would prefer to spend our development resources on new features for users rather than running around trying to stay one step ahead of the h20s of the world.We encourage people who have algorithms they would like to protect to do the same thing.

On 28-Apr-2006, at 17:01, Nick Rothwell wrote:
> I don’t follow. Does Jitter (or jitlib, or whatever) make use of
> collectives?

As I understand it, you can include jitlib in a collective (you need
to coerce Max into doing this) and then you can run jit.* objects as
part of the collective. No muss, no fuss, no challenge, no response,
no dongle. But this "freedom" is only inside the collective.

> There seems to be an assumption here that wrapping a pile of
> commercial "stuff" into a collective somehow protects it from
> examination. As far as I know, C’74 have not said (i) collectives
> are good ways to protect your code, or (ii) collectives are false
> security. (And as for (i), C’74 can of course unpack collective
> files.) I treat them as weak security, up until the point that some
> bored teenager figures out the format and tells everyone, in which
> case they offer zero security.

I also consider the security weak. But all security is weak, in’t?-.

I have made some half-hearted attempts at extracting externals from a
collective, without success (I’m glad to say). I have already
distributed a few clct’s to demo Litter Pro objects and am currently
working on a passle more. If embedded externals inextractable endure,
excellent it is. (Say that five times fast, Yoda!)

Personally, I’m not worried if people can see how the patch works. In
fact, I encourage it and there’s nothing or very little hidden in my
collectives.

But this is my take. I know that other people use collectives with
different goals.

> (Maybe there’s an argument for an "encrypt collective so that only
> Max can open it, and in read-only mode", but the cryptographic
> model needed to support that is nontrivial.)

On 28-Apr-2006, at 18:31, Peter Castine wrote:
> But all security is weak, in’t?-.

Now, picking up from what Andrew Pask wrote on a parallel thread:
> The collective file format is in no way "secure", and was never
> intended to be. It is trivial to extract Max patches from a collective

let’s make sure we’re on the same wavelength:

My concern is whether embedded externals are extractable. Someone
else’s concert may be whether embedded patches are extractable. Two
different animals, two different security levels. I think.

There is absolutely no "security" whatsoever in the collective file format , and we have never represented as much. If someone knows what they are doing, they can pretty much have it all, patches, externals, the lot.

If you have algorithms you need to protect, you should do it with purpose built tools.

Quote: Kasper T Toeplitz wrote on Fri, 28 April 2006 10:00
—————————————————-
> >It is trivial to extract Max patches from a
> >collective and at some point we may even make
> >the details of the format public. Until then,
> >you can just open them up in a text editor and
> >have a look yourself.
> >
> >
>
>
> as i just started another thread about it – i
> need to open as a max patch, a collective i have
> build years ago – i lost the original patches
>
> but opening the collective in BBedit gives me

i just stumbled across this thread looking for an answer to the exact problem plaguing kasper, so i’m giving this question one more attempt.

is the lack of response because no one knows how to do it, or is it something that no one wants to share (collapse of civilization and all that).

the question is how to edit a patch where the only saved version is a mxf collective file.

On 9-May-2006, at 4:12, Robert Ramirez wrote:
> is the lack of response because no one knows how to do it, or is it
> something that no one wants to share (collapse of civilization and
> all that).

I was told that it was easy to do, but when I directly asked
(offlist) for pointers on how, I never got a response either.

The first part of the answer is: you probably need to be reasonably
comfortable working with a Hex Editor to do this. If your response to
that is "What’s a Hex Editor?" then forget it.

I have looked at a collective from inside Hex Edit, it looks possible
but fiddly and I don’t have the time/motivation to figure this out
myself right now. Probably anyone who has taken the time is too busy
with other stuff to write a cookbook recipe.